Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack

Authors:
Hung-Min Sun;Mu-En Wu;Yao-Hsin Chen
Affiliations:
Department of Computer Science, National Tsing Hua University, Hsinchu,30013, Taiwan;Department of Computer Science, National Tsing Hua University, Hsinchu,30013, Taiwan;Department of Computer Science, National Tsing Hua University, Hsinchu,30013, Taiwan
Venue:
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Year:
2007

Citing 6
Cited 5

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
The better bound of private key in RSA with unbalanced primes

Applied Mathematics and Computation
On the Design of RSA with Short Secret Exponent

ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
RSA with balanced short exponents and its application to entity authentication

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of RSA with private key d less than N0.292

IEEE Transactions on Information Theory

A variant of Wiener's attack on RSA with small secret exponent

ACM Communications in Computer Algebra
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits

CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors

Information Security and Cryptology --- ICISC 2008
On the improvement of fermat factorization

NSS'12 Proceedings of the 6th international conference on Network and System Security
On the improvement of Fermat factorization using a continued fraction technique

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the RSA system, balanced modulus Ndenotes a product of two large prime numbers pand q, where qpq. Since Integer-Factorization is difficult, pand qare simply estimated as ${\sqrt{N}}$. In the Wiener attack, $2\sqrt{N}$ is adopted to be the estimation of p+ qin order to raise the security boundary of private-exponent d. This work proposes a novel approach, called EPF, to determine the appropriate prime-factors of N. The estimated values are called "EPFs of N", and are denoted as pEand qE. Thus pEand qEcan be adopted to estimate p+ qmore accurately than by simply adopting $2\sqrt{N}$. In addition, we show that the Verheul and Tilborg's extension of the Wiener attack can be considered to be brute-guessing for the MSBs of p+ q. Comparing with their work, EPF can extend the Wiener attack to reduce the cost of exhaustive-searching for 2r+ 8 bits down to 2r茂戮驴 10 bits, where rdepends on Nand the private key d. The security boundary of private-exponent dcan be raised 9 bits again over Verheul and Tilborg's result.